Skip to main content

8 security tips for your Mac

It's hard to deny that Macs are pretty darn secure. According to Sophos, there are four known viruses on OS X, compared to 80,000 on Windows. That said, Macs aren't invincible by any means. Viruses aren’t the only way people with bad intentions can get at your computer. In fact, attackers are well aware of Apple owners' false sense of security, and we've seen them take advantage of this time after to time to compromise OS X systems.

With that in mind, we've put together some easy to follow tips to help secure your Mac systems and personal data. They're listed in order of paranoia – the first two are mandatory, really, while the last few are tailored to the extremely security-conscious.

1. Back up your data

We wouldn't normally categorise back up as a security issue, but the recent hack of Wired journalist Mat Honan turned it into one, as he learned the hard way the foolishness of relying solely on iCloud for backup. Apple makes hard backups incredibly easy with Time Machine, a built-in feature that regularly backs up your entire system onto an external hard drive. All you need to do is plug it in. Apple's iCloud and other cloud-based backup services are convenient, but you should never rely fully on the cloud (or indeed, any single backup solution). After all, you're entrusting all your data to another company with the cloud, and you'd be surprised at how careless they can be. The Mat Honan case, and the way attackers managed to trick Amazon and Apple reps into resetting his iCloud account, illustrates this more than aptly.

2. Install new software updates immediately

Unpatched software is still one of the most common vectors for computer attacks. OS X makes checking for updates easy by doing it for you. Open the Software Update pane in System Preferences, make sure "Check For Updates" is on (it usually is by default) and set it to the most frequent setting.

3. Enable Keychain

Hopefully by now you know never to use the same password for everything, because if an attacker gains access to one of your accounts, he'll try using the same password to access other kinds of accounts. That's why it's crucial to use multiple "insanely secure" passwords. Fortunately, in OS X you don't have to know them all by heart. Just use the built-in password manager Keychain which allows you to store your passwords, certificates, and other confidential information used to authenticate an application or website. Find Keychain in the Utilities folder under Applications.

4. Know your source

The few instances of Mac malware we've seen have all entered users' systems by fooling the user into downloading malicious email attachments, or downloading a legitimate seeming piece of software. In the latest software OS X 10.8 Mountain Lion (see our review of it here), Apple has introduced a new security feature in the control panel called Gatekeeper. This lets you select allowable sources of app installations. At the highest security setting, you'll only be able to download and install apps from the Mac App Store. The default option I'd stick with lets you download apps signed with a Developer ID (like Microsoft). The lowest security setting lets you download apps from anywhere.

5. Disable Java and Flash plug-ins

Security experts have long encouraged users to disable Java and Flash in their browsers, which closes popular attack vectors on Macs. For instance, the Flashback malware that infected over half a million Macs earlier this year exploited systems through Java. So unless you're a creative type who relies heavily on Adobe Creative Suite, you probably don't need these plug-ins now that most websites are switching to HTML5. Disable Java by going to the Applications folder, Utilities, and unchecking all the Java boxes under the General tab. To disable Flash, you'll have to use the Chrome or Firefox browsers which let you configure this setting.

6. Install antivirus software

If your mentality is that "you can never be too safe," there are lots of popular, free options out there that will protect your system from the various Trojans, viruses, and phishing scams that occasionally ensnare Mac users. Mac-specific security vendors like Intego, Sophos, and ClamXav provide free (or at least free trials of) antivirus software, though we must admit we haven't tested them yet.

7. Use a stronger firewall

OS X has a built-in firewall (disabled by default) that blocks incoming connection attempts, but you'll find far more granularity in the popular OS X firewall, Little Snitch. Little Snitch tells you when an application tries to establish an outgoing connection, which could prevent a malicious app from sending out private data. It handles all network interfaces, including AirPort, PPP, network cards and so forth, and unlike OS X's built-in firewall lets you block specific IP addresses. However, it does take time to fully configure.

8. Encrypt with FileVault 2

If your MacBook is carrying State secrets or similarly confidential information, you can enable this built-in feature to encrypt your entire hard drive with AES 128 encryption.

And that’s the lot for our little tips excursion. As mentioned earlier, tips 1 and 2 are mandatory, really. This list is by no means exhaustive, so feel free to share your own Mac security tips in the comments section below.